Multiple Vulnerabilities
Vtiger CRM 5.0.4 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.0.4 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendor http://www.vtigercrm.com
Advisory http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Vtiger CRM 5.2.0 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.2.0 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 9/10, vector: (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Vendor http://www.vtigercrm.com
Advisory http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
FormMail 1.92 Multiple Vulnerabilities
Name Multiple Vulnerabilities in FormMail
Systems Affected FormMail 1.92 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 4.3/10, vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vendor http://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Jetty 6.x and 7.x Multiple Vulnerabilities
Name Multiple Vulnerabilities in Jetty
Systems Affected Jetty 7.0.0 and earlier versions
Severity Medium
Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vendor http://www.mortbay.org/jetty/
Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
1. *Advisory Information*
[ Multiple BSD libc/regcomp(3) Multiple Vulnerabilities ]
Author: Maksymilian Arciemowicz
http://www.netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- Dis.: 05.10.2011
- Pub.: 04.11.2011
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Mantis
Systems Affected Mantis 1.1.1 and possibly earlier versions
Severity High
Impact (CVSSv2) High 9/10, vector: (AV:N/AC:L/Au:N/C:C/I:P/A:P)
Vendor http://www.mantisbt.org/
Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
___________
ChX Security |
Advisory #3 |
==========
-> "WP Comment Remix 1.4.3 Multiple Vulnerabilities" <-
_________________
Advisory Information |
===============
Title: WP Comment Remix 1.4.3 Multiple Vulnerabilities
Cacti 0.8.7a Multiple Vulnerabilities
Name Multiple Vulnerabilities in Cacti
Systems Affected Cacti 0.8.7a and possibly earlier versions
Severity High
Impact (CVSSv2) High (9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P)
Vendor http://www.cacti.net/
Advisory http://www.ush.it/team/ush/hack-cacti087a/cacti.txt
Author Francesco "ascii" Ongaro (ascii AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
Communications Manager
Document ID: 112878
Advisory ID: cisco-sa-20110427-cucm
Collabtive 0.4.8 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Collabtive
Systems Affected Collabtive 0.4.8 and possibly earlier versions
Severity High
Impact (CVSSv2) High 8/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://collabtive.o-dyn.de/
Advisory http://www.ush.it/team/ush/hack-collabtive048/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
http://url.foo/tr_status.php?compact=false&onlytrue=true&noactions=true&select=false&txt_select=&sort[%22.phpinfo().%22]=1
<http://url.foo/tr_status.php?compact=false&onlytrue=true&noactions=true&select=false&txt_select=&sort%5B%22.phpinfo%28%29.%22%5D=1>
> Zabbix 1.6.2 Frontend Multiple Vulnerabilities
>
> Name Multiple Vulnerabilities in Zabbix Frontend
> Systems Affected Zabbix 1.6.2 and possibly earlier versions
> Severity High
> Impact (CVSSv2) High 9.7/10, vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Novell iManager Multiple Vulnerabilities
1. *Advisory Information*
Zabbix 1.6.2 Frontend Multiple Vulnerabilities
Name Multiple Vulnerabilities in Zabbix Frontend
Systems Affected Zabbix 1.6.2 and possibly earlier versions
Severity High
Impact (CVSSv2) High 9.7/10, vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Vendor http://www.zabbix.com/
Advisory http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Trustwave SpiderLabs Security Advisory TWSL2012-008:
Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt
Published: 04/11/12
Version: 1.0
Vendor: Plixer International (http://www.plixer.com)
Product: Scrutinizer NetFlow and sFlow Analyzer
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
Flat PHP Board <= 1.2 Multiple Vulnerabilities
---------------------------------------------------------------
#By KiNgOfThEwOrLd
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Academic Web Tools CMS Multiple Vulnerabilities
# Vendor: www.yektaweb.com
# Vulnerable Version: 1.4.2.8 and prior versions
# Exploit: Available
# Impact: Medium
# Fix: N/A
Title
Multiple Vulnerabilities in iAntiVirus
Program
PC Tools iAntiVirus for Mac OS X
http://www.iantivirus.com/
Tested version
1.35, Engine Version 1.0.0.10
----------------------------------------------------------------
Script : Maian Greeting v2.1
Type : Multiple Vulnerabilities (XSS/SQL INJECTION)
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
Our Team : IRCRASH
----------------------------------------------------------------
Our Site : Http://IRCRASH.COM
IRCRASH Bugtraq : Http://BUGTRAQ.IRCRASH.COM
----------------------------------------------------------------
Trustwave's SpiderLabs Security Advisory TWSL2009-002:
Cisco ASA Web VPN Multiple Vulnerabilities
Published: 2009-06-24 Version: 1.0
Vendor: Cisco Systems, Inc. (http://www.cisco.com)
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Acidcat CMS Multiple Vulnerabilities.
# Vendor: www.acidcat.com
# Vulnerable Version: 3.4.1
# Exploit: Available
# Impact: High
# Fix: N/A
[Bkis-13-2009] e107 Multiple Vulnerabilities
1. General Information
e107 is a free content management system (CMS) written in PHP language
and is available at http://e107.org/news.php . In October 2009, Bkis
Security discovered a number of XSS and Blind SQL Injection
vulnerabilities on this system. Taking advantage of these holes, hackers
can insert arbitrary malicious codes onto users' browsers, then steal
private information or carry out requests to the website to gain
complete control of the website's database.
Vulnerability ID: HTB23004
Reference: http://www.htbridge.ch/advisory/multiple_vulnerabilities_in_e107_1.html
Product: e107 website system
Vendor: e107 ( http://e107.org/ )
Vulnerable Version: 0.7.25 and probably prior
Tested on: 0.7.25
Vendor Notification: 25 May 2011
Vulnerability Type: Multiple Vulnerabilities
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1
==============================================================================
Author: Janek Vind "waraxe"
Date: 15. January 2009
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-70.html
Description of vulnerable software:
AMember - Multiple Vulnerabilities
Version Affected: 3.1.7 (Apr-10-2009) (newest)
Info: aMember is a flexible membership and subscription management PHP script. It has support for
PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling,
Multicards, E-Gold and Clickbank payment systems (see list of integrated payment systems) and
allows you to setup paid-membership areas on your site. It can also be used without any payment
system - you can manage users manually.
> Original Advisory:
> http://blog.pouya.info/userfiles/vul/NginX.rar
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Multiple Vulnerabilities with 8.3 filename pseudonyms in Web servers
"Nginx Web Server [1]. The way Nginx handles files may differ when they
are requested using their 8.3 alias, and short file or path names are
not correctly handled when applying file handling rules or access
restrictions. By abusing of these flaws an attacker can bypass security
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20120314-asa
Revision 1.0
ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-07-056.html
October 10, 2007
-- CVE ID:
CVE-2007-5324
-- Affected Vendor:
IBM
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Endpoint Devices
Advisory ID: cisco-sa-20110223-telepresence-cts
Revision 1.0
Title: Invision Power Board <= 2.3.5
Multiple Vulnerabilities and Security Bypass
Vendor: http://www.invisionpower.com/community/board/
Advisory: http://acid-root.new.fr/?0:18
Author: DarkFig < gmdarkfig (at) gmail (dot) com >
Released on: 2008/08/29
Changelog: 2008/08/29